Various types of execution environments can be utilized to execute software applications. Execution environments can provide functionality for not only executing applications, but also for managing application execution and for providing other types of functionality. For example, one type of execution environment is a software container. Software containers typically provide functionality for loading application dependencies, interconnecting applications at run time, and for managing application lifecycles, including integrated application deployment and eviction. Standard configuration mechanisms can typically be utilized to access this functionality.
Executing programs in an execution environment, such as a software container, may provide benefits over executing applications using traditional application architectures. For example, executing applications in a software container might permit applications to be constructed and deployed in a modular fashion by deploying the modules to a software container independently and interconnecting the modules at run time. Executing applications in a software container might also permit multiple applications, which may be referred to herein as “tenants,” to execute in the same multi-tenant software container, thereby sharing common frameworks in memory and potentially reducing resource utilization.
Because multi-tenant software containers provide functionality for hosting multiple tenants, multi-tenant software containers typically also provide mechanisms to isolate different tenants from one another. For simple tenants, the basic level of isolation provided by a software container may be sufficient. For software operating in a high-performance, latency sensitive, secure, highly available environment, however, this model may be lacking. For example, a tenant executing in a multi-tenant software container may consume so many resources that it can starve other tenants executing in the software container or even take down the software container. A tenant executing in a multi-tenant software container might also access protected data owned by another tenant, or handle failure improperly and take down the entire software container.
It is with respect to these and other considerations that the disclosure made herein is presented.